Saturday, October 29, 2005

Singularity: A Next Generation OS

Here's a fascinating document from Microsoft Research detailing work on Singularity. It's an OS designed to support languages like Java and C# - so has been designed to support partitioned memory spaces, and to handle dependable code.
SIPs are the OS processes on Singularity. All code outside the kernel executes in a SIP. SIPs differ from conventional operating system processes in a number of ways:
  • SIPs are closed object spaces, not address spaces. Two Singularity processes cannot simultaneously access an object. Communications between processes transfers exclusive ownership of data.
  • SIPs are closed code spaces. A process cannot dynamically load or generate code.
  • SIPs do not rely on memory management hardware for isolation. Multiple SIPs can reside in a physical or virtual address space.
  • Communications between SIPs is through bidirectional, strongly typed, higher-order channels. A channel specifies its communications protocol as well as the values transferred, and both aspects are verified.
  • SIPs are inexpensive to create and communication between SIPs incurs low overhead. Low cost makes it practical to use SIPs as a fine-grain isolation and extension mechanism.
  • SIPs are created and terminated by the operating system, so that on termination, a SIP’s resources can be efficiently reclaimed.
  • SIPs executed independently, even to the extent of having different data layouts, run-time systems, and garbage collectors.
SIPs are not just used to encapsulate application extensions. Singularity uses a single mechanism for both protection and extensibility, instead of the conventional dual mechanisms of processes and dynamic code loading. As a consequence, Singularity needs only one error recovery model, one communication mechanism, one security policy, and one programming model, rather than the layers of partially redundant mechanisms and policies in current systems. A key experiment in Singularity is to construct an entire operating system using SIPs and demonstrate that the resulting system is more dependable than a conventional system.
Something to keep an eye on - this could be the type of approach needed to deliver modular OSes that run on hypervisors.

2 Comments:

Anonymous ssavitzky said...

Oh, look! They've invented the B5500! Or was that USCD Pascal? Or the LISP Machine?

10/29/2005 08:57:00 pm  
Anonymous Anonymous said...

None of the above, ssavitzky. If you actually read the paper, you'll see that Singularity relies heavily on compile-time checking of code that eventually runs native, which is very different than running bytecode. They've also extended checking to a semantic level way above what bytecode can do; check out the protocol-specification part of Sing# to understand what that means.

It's easy to be a smartass about an OS based on a dialect of C#, but it just looks tiresome when the incorrectness of the hasty underlying assumptions is pointed out.

10/31/2005 01:26:00 pm  

Post a Comment

Links to this post:

Create a Link

<< Home